RSS service restored after four hours offline as extortion scheme continues

RSS aggregator Feedly today went dark for the second time in two days as another wave of distributed-denial-of service (DDoS) attacks knocked it offline.

At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it had again been targeted by cyber criminals, who seem bent on crippling the RSS provider.

"The ops team has reviewed the attacks and is working on building a second line of defense to neutralize this second attack," said company officials, including Edwin Khodabakchian, Feedly CEO, in a brief status update on the firm's blog.

It's not unusual for sophisticated DDoS attackers to swamp servers as part of an extortion plot, even though many attacks are politically or ideologically motivated, and no demands are made. The high-profile attack against Feedly -- which assumed the most-popular RSS aggregator mantle after Google pulled the plug last year on Google Reader -- may tip more criminals toward a ransom strategy.

"Although Feedly came out and said they wouldn't pay, we will likely see an increase in this type of behavior and incentivize more attackers to launch DDoS attacks that have ransom demands attached to them," argued Fred Kost, vice president of security solutions at Ixia, a California vendor that sells network testing, monitoring, optimization and security products.

"These criminals are determined to try to extort some money and we are determined to say no to extortion and focus on building a stronger Feedly instead," the firm pledged today.

Third-party RSS applications, which use Feedly as either their only feed source or one of several, were also unable to collect updates from Feedly during the two outages.